Glow is a mobile app designed to help women track their menstrual cycles and fertility. Like similar apps, it asks users to record the onset of their periods, along with details such as their weight and medications. Glow also asks for intimate physical details, including the appearance of their cervical mucous and the position of their cervix (the app has instructions for determining these characteristics), any history of abortions, whether they’ve experienced anything from diarrhea to low sex drive, their mood, and more.

Recently, Consumer Reports tested Glow for security and privacy features as part of a broader project, and found surprising vulnerabilities. One security flaw might have let someone with no hacking skills at all access a woman’s personal data. Other vulnerabilities would have allowed an attacker with rudimentary software tools to collect email addresses, change passwords, and access personal information from participants in Glow’s community forums, where people discuss their sex lives and health concerns.

We concluded that it would be easy for stalkers, online bullies, or identity thieves to use the information they gathered to harm Glow’s users. In July, we shared our concerns with Glow, Inc., the company that makes the app. The executive we spoke with was not aware of the potential vulnerabilities, and the company moved quickly to correct them.